This is a one-time login for %user_name.
Click on this button to log in to the site and change your password.
', array('%user_name' => $user->getUsername()))); + } + else { + $form['message'] = array('#markup' => $this->translationManager->translate('This is a one-time login for %user_name and will expire on %expiration_date.
Click on this button to log in to the site and change your password.
', array('%user_name' => $user->getUsername(), '%expiration_date' => format_date($timestamp + $timeout)))); + } + $form['help'] = array('#markup' => '' . $this->translationManager->translate('This login can be used only once.') . '
');
+ $form['actions'] = array('#type' => 'actions');
+ $form['actions']['submit'] = array('#type' => 'submit', '#value' => $this->translationManager->translate('Log in'));
+ $form['#action'] = $this->urlGenerator->generateFromPath("user/reset/$uid/$timestamp/$hash/login");
+ return $form;
+ }
+ }
+ else {
+ drupal_set_message($this->translationManager->translate('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'));
+ return new RedirectResponse($this->urlGenerator->generateFromPath('user/password', array('absolute' => TRUE)));
+ }
+ }
+ else {
+ // Deny access, no more clues.
+ // Everything will be in the watchdog's URL for the administrator to check.
+ throw new AccessDeniedHttpException();
+ }
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function validateForm(array &$form, array &$form_state) {}
+
+ /**
+ * {@inheritdoc}
+ */
+ public function submitForm(array &$form, array &$form_state) {}
+
+}
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 6380387..579ad1b 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -830,11 +830,8 @@ function user_menu() {
 );
 $items['user/reset/%/%/%'] = array(
 'title' => 'Reset password',
- 'page callback' => 'drupal_get_form',
- 'page arguments' => array('user_pass_reset', 2, 3, 4),
- 'access callback' => TRUE,
+ 'route_name' => 'user_pass_reset',
 'type' => MENU_CALLBACK,
- 'file' => 'user.pages.inc',
 );
 $items['user/logout'] = array(
diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index 04bd69c..aec75fe 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -12,89 +12,6 @@ use Drupal\Component\Utility\Crypt; /** - * Menu callback; process one time login link and redirects to the user page on success. - */ -function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { - global $user; - - // When processing the one-time login link, we have to make sure that a user - // isn't already logged in. - if ($user->isAuthenticated()) { - // The existing user is already logged in. - if ($user->id() == $uid) { - drupal_set_message(t('You are logged in as %user. Change your password.', array('%user' => $user->getUsername(), '!user_edit' => url("user/" . $user->id() . "/edit")))); - } - // A different user is already logged in on the computer. - else { - $reset_link_account = user_load($uid); - if (!empty($reset_link_account)) { - drupal_set_message(t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please logout and try using the link again.', - array('%other_user' => $user->getUsername(), '%resetting_user' => $reset_link_account->getUsername(), '!logout' => url('user/logout')))); - } else { - // Invalid one-time link specifies an unknown user. - drupal_set_message(t('The one-time login link you clicked is invalid.')); - } - } - return new RedirectResponse(url('This is a one-time login for %user_name.
Click on this button to log in to the site and change your password.
', array('%user_name' => $account->getUsername()))); - } - else { - $form['message'] = array('#markup' => t('This is a one-time login for %user_name and will expire on %expiration_date.
Click on this button to log in to the site and change your password.
', array('%user_name' => $account->getUsername(), '%expiration_date' => format_date($timestamp + $timeout)))); - } - $form['help'] = array('#markup' => '' . t('This login can be used only once.') . '
');
- $form['actions'] = array('#type' => 'actions');
- $form['actions']['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
- $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login");
- return $form;
- }
- }
- else {
- drupal_set_message(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'));
- return new RedirectResponse(url('user/password', array('absolute' => TRUE)));
- }
- }
- else {
- // Deny access, no more clues.
- // Everything will be in the watchdog's URL for the administrator to check.
- throw new AccessDeniedHttpException();
- }
- }
-}
-
-/**
 * Prepares variables for user templates.
 *
 * Default template: user.html.twig.
@@ -179,7 +96,7 @@ function user_cancel_confirm_form($form, &$form_state, $account) {
 $question = t('Are you sure you want to cancel your account?');
 }
 else {
- $question = t('Are you sure you want to cancel the account %name?', array('%name' => $account->getUsername()));
+ $question = t('Are you sure you want to cancel the account %name?', array('%name' => $account->name));
 }
 $default_method = config('user.settings')->get('cancel_method');
 $description = NULL;
@@ -227,7 +144,7 @@ function user_cancel_confirm_form_submit($form, &$form_state) {
 $account->save();
 _user_mail_notify('cancel_confirm', $account);
 drupal_set_message(t('A confirmation request to cancel your account has been sent to your e-mail address.'));
- watchdog('user', 'Sent account cancellation request to %name %email.', array('%name' => $account->getUsername(), '%email' => '<' . $account->getEmail() . '>'), WATCHDOG_NOTICE);
+ watchdog('user', 'Sent account cancellation request to %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);
 $form_state['redirect'] = "user/" . $account->id();
 }
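Review bot: The new side of the `@@ -179,7 +96,7 @@` hunk reads `$account->name` directly where the old side called `$account->getUsername()`, and the same reversal appears in the `@@ -227,7 +144,7 @@` hunk (`$account->name`, `$account->mail`) and the `@@ -306,7 +223,7 @@` hunk (`$account->login`, `$account->pass`). None of this is needed to move the reset page onto a route, and the new form class in this same patch calls `$user->getUsername()`, so it looks like an accidental revert from rebasing on an older copy of user.pages.inc. Keep the accessor calls as they were, e.g. `array('%name' => $account->getUsername())`; the password hash and last-login time in particular are better read through the accessor than as public properties. All three functions continue outside their hunks.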
@@ -306,7 +223,7 @@ function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
 $account_data = drupal_container()->get('user.data')->get('user', $account->id());
 if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
 // Validate expiration and hashed password/login.
- if ($timestamp <= $current && $current - $timestamp < $timeout && $account->id() && $timestamp >= $account->getLastLoginTime() && $hashed_pass == user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime())) {
+ if ($timestamp <= $current && $current - $timestamp < $timeout && $account->id() && $timestamp >= $account->login && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
 $edit = array(
 'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : config('user.settings')->get('notify.status_canceled'),
 );
diff --git a/core/modules/user/user.routing.yml b/core/modules/user/user.routing.yml
index 90570ea..c057998 100644
--- a/core/modules/user/user.routing.yml
+++ b/core/modules/user/user.routing.yml
@@ -89,6 +89,14 @@ user_pass:
 requirements:
 _access: 'TRUE'
+user_pass_reset:
+ pattern: '/user/reset/{uid}/{timestamp}/{hash}/{operation}'
+ defaults:
+ _form: '\Drupal\user\Form\UserPasswordResetForm'
+ operation: 'confirm'
+ requirements:
+ _access: 'TRUE'
+
 user_page:
 pattern: '/user'
 defaults:
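Review bot: The account-cancel token is still checked with a loose `==` in `$hashed_pass == user_pass_rehash(...)`, on the line the `@@ -306,7 +223,7 @@` hunk rewrites. `==` compares two numeric-looking strings as numbers and is not constant-time, so a value taken from the URL is matched against a secret-derived hash more loosely than intended. Since the line is being touched anyway, switch to a timing-safe strict comparison such as `hash_equals(user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime()), $hashed_pass)` where the supported PHP version provides it, or at minimum `===`. The new reset form presumably makes the same comparison, but its validation code is not visible on this page. user_cancel_confirm() continues outside the hunk.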
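Review bot: The new `user_pass_reset` route is open to everyone (`_access: 'TRUE'`) and puts no constraint on its placeholders, so every check on `{uid}`, `{timestamp}`, `{hash}` and `{operation}` has to happen inside UserPasswordResetForm. Open access is expected for a one-time login link, but a comment saying so would help the next reader. The numeric parts can also be narrowed at the router with regex requirements such as `uid: '\d+'` and `timestamp: '\d+'`, so malformed values are rejected before arithmetic like `$timestamp + $timeout` runs. `operation` now defaults to `'confirm'` where the removed callback defaulted `$action` to NULL, so the form should treat anything other than `login` as the confirm step.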